It is now normal behaviour to communicate via electronic mail (email) as access to the Internet and to intranets has increased. Every day, millions of emails are sent over the Internet, containing many types of information. Email is also used within companies and enterprises for internal and external communications. Many of the emails contain sensitive and secret information.
Unfortunately, not all emails reach their destination, and some might even be received by the wrong addressees. Moreover, it is usually easy for unauthorised persons to crack servers, or access networks and read emails.
A number of solutions exist for sending encrypted e-mails. PGP (Pretty Good Privacy) (PGP and Pretty Good Privacy are registered trademarks of PGP Corporation) is one application that is used for sending encrypted emails. This application is a plug-in for email programs and is based on the use of public keys. Two users exchange public keys, which can then be used to encrypt and decrypt e-mails or other files. Moreover, when an email is encrypted and transmitted with the receiver's public key, the sending party cannot access the email.
It is also possible to provide a document and attach it to the e-mail and give the addressee the password for accessing the attachment.
Both these solutions imply that each time a new encrypted file or e-mail is accessed, a password or a personal key must be used. A password or personal key can be forgotten or come into the possession of unauthorised persons. Moreover, tests have shown that many people, to avoid forgetting a password/personal key, use family names, pet names etc., which can easily be guessed, or even make notes of them.
In the international patent application WO 02/077773, a system, method, and computer program product for providing an encrypted email reader and responder is described. The method of distributing and initializing an encrypted e-mail includes: obtaining by a first user a license for an email client software application program having public/private encryption; requesting by the first user that a second user download a reader/responder software application program in order to exchange encrypted email between the first user and the second user; downloading and installing the reader/responder software application program by the second user; sending an email by the second user to the first user including embedding an unencrypted public key by using a send key function of the reader/responder software application program; receiving the email from the second user by the first user, wherein the unencrypted public key is embedded in the email; responding by the first user by sending a second email to the first user, where the reader/responder software application program encrypts a message of the second email into an encrypted message using the unencrypted public key of the second user; receiving the second email by the second user with the encrypted message as an attachment from the first user into a third party email software application program, wherein the third party email software application program is different from the reader/responder software application program and the email client software application program; and opening by the second user the attachment to execute the reader/responder software application program operative to allow a user without the email client software to read and respond to encrypted email created and sent from a user having the email client software.
Published U.S. application No. 2002059529 relates to a secure email system for pre-selected email users forming a participating user group requiring secure communication, comprising a secure list server to which all secure emails are sent by members of the participating user group, the server comprising a store for certification data and a CPU which compares the names of intended recipients of each email message with data in the store and processes the message to facilitate onward certificated transmission provided the recipient is duly certificated as indicated by data in the store.
US 2003140235 relates to a method for exchanging electronic messages between a sender with an enrolled biometric feature set and a receiver with an enrolled biometric feature set, comprising: a. exchanging enrolled biometric feature sets between the sender and receiver; b. generating a live-scan biometric feature set of the sender; c. generating a first difference key derived from the difference between the sender's live-scan biometric feature set and the sender's enrolled biometric feature set; d. encrypting the message with the first difference key; e. encrypting said sender's live-scan biometric feature set with an encryption key; f. transmitting to the receiver the encrypted message and said encrypted sender's live-scan biometric feature set; g. decrypting by the receiver said encrypted sender's live-scan biometric feature set; h. regenerating by the receiver the first difference key by calculating the difference between said sender's live-scan biometric feature set and the sender's enrolled biometric feature set; and i. decrypting the message by use of the regenerated first difference key.
WO 01/91366 relates to an apparatus and method for generating pseudo-random cryptographic keys in cryptographic communications systems. Given a common set of initializing configuration data, the pseudo-random cryptographic keys can be duplicatively generated by various independent pseudo-random key generators of the cryptographic communications system.
WO 02/39660 relates to a system and method for cryptographic communication among multiple users and a central service provider using in situ generated cryptographic keys. Each user communicates with the central service provider, preferably using a user communication interface that includes a local key generator, which, after initialization with the user's own individual seed value, generates a unique cryptographic key. By distributing different individual seeds unique to each user, each user's local key generator generates a unique set of keys. The central service provider also possesses a local key generator, and also preferably possesses a copy of all the individual seeds assigned to authorized users. The central service provider preferably communicates in a secure encrypted fashion with each user using cryptographic keys generated from that user's individual seeds. Distribution of additional seed values common to more than one user, via encrypted communication using the unique individual cryptographic key generations, then permits secure conditional access to said users via signal encryption using key generations resulting from a seed value common to the intended group of users.
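The seed-synchronised key generation described for WO 01/91366 and WO 02/39660 can be sketched as follows; this is an added example, not code from either application. The HMAC-SHA256 ratchet, the XOR-plus-HMAC sealing used to carry the group seed, and the names `KeyGenerator`, `seal`, `unseal` and `distribute_group_seed` are assumptions chosen so the sketch runs on the Python standard library alone.

```python
import hashlib
import hmac
import secrets

def _h(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

class KeyGenerator:
    """Same seed in, same key sequence out, on every independent instance."""
    def __init__(self, seed: bytes):
        self._state = _h(seed, b"init")

    def next_key(self) -> bytes:
        key = _h(self._state, b"key")
        self._state = _h(self._state, b"step")  # one-way ratchet to the next state
        return key

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Keystream = HMAC(key, counter); acceptable only because each key is used once.
    blocks = (_h(key, i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key: bytes, plaintext: bytes) -> bytes:
    ct = _xor_stream(_h(key, b"enc"), plaintext)
    return ct + _h(_h(key, b"mac"), ct)  # encrypt-then-MAC

def unseal(key: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _h(_h(key, b"mac"), ct)):
        raise ValueError("authentication failed: generators out of sync or blob altered")
    return _xor_stream(_h(key, b"enc"), ct)

def distribute_group_seed(user_seeds: dict, group_seed: bytes) -> dict:
    """Provider seals the group seed under each user's next individual key;
    each user opens it with the key produced by their own generator."""
    provider = {u: KeyGenerator(s) for u, s in user_seeds.items()}  # provider's seed copies
    users = {u: KeyGenerator(s) for u, s in user_seeds.items()}     # user-side generators
    return {u: unseal(users[u].next_key(), seal(provider[u].next_key(), group_seed))
            for u in user_seeds}

if __name__ == "__main__":
    # Constructed sample seeds; in the described systems these are pre-distributed.
    seeds = {"alice": secrets.token_bytes(32), "bob": secrets.token_bytes(32)}
    got = distribute_group_seed(seeds, secrets.token_bytes(32))
    group_keys = {KeyGenerator(s).next_key() for s in got.values()}
    print("members sharing one group key:", sorted(got), len(group_keys) == 1)
```

If one side advances its generator without the other, `unseal` raises rather than returning garbage, which is the failure a deployment of such a scheme has to detect and resynchronise from.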
OTP: One-Time Pad Generator is a shareware program distributed through the Internet (http://www.fourmilab.ch/onetime) for generating one-time pads or password lists.